Gregory Maxwell wrote:
On 8/2/07, David Gerard dgerard@gmail.com wrote:
Really? I thought we ran "file" on uploads as well as looking at the extension.
We do. And if it doesn't match what we think it will be... we put a notice that no one notices on the image page.
That's incorrect.
If the detected filetype doesn't match the defined filetype for the extension, then the upload is rejected.
(However note that at this moment we don't have very solid detection for OGG.)
The warning on image pages about malicious code is bullshit -- we should remove it, since it has nothing to do with reality.
Greg, don't be afraid to pop things into bugzilla or work with us over in SVN to fix things up. :)
-- brion vibber (brion @ wikimedia.org)